02-01-2013 12:17 AM
Good morning, I have the scheme, including three devices: C7200, ASR9k, C7600. C7200 and ASR are in the same AS (iBGP-vpnv4 peers). ASR and C7600 - eBGP-vpnv4 peers. All relationships have been established. I can ping 7600 from ASR within vrf, but I can't ping 7600 from C7200 in the same vrf, even though valid route from C7600 is present in C7200's routing table. There is full-mesh route-target vpn topology and there is no any route policies or filters.
Possibly, does anyone have some ideas? I could send the topology or config list, if you need. Thanks.
02-01-2013 06:26 AM
Hi Alexander,
w/o topology is impossible to understand what you are talking about.
Please attach it including info about the vrf you mentioned.
Riccardo
02-05-2013 12:51 AM
Here's topology:
There're config lists of all three devices below:
C7600 - Version 12.2(33r)SRC3, RELEASE SOFTWARE (fc1):
mpls label protocol ldp
------
router bgp 65001
bgp router-id 10.100.100.1
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.100.100.2 remote-as 65001
neighbor 10.100.100.2 ebgp-multihop 5
neighbor 10.100.100.2 update-source Loopback0
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.100.100.2 activate
neighbor 10.100.100.2 send-community extended
exit-address-family
address-family ipv4 vrf TEST
no synchronization
redistribute connected
exit-address-family
------
ip vrf TEST
rd 911:911
route-target export 911:911
route-target import 911:911
-------
interface GigabitEthernet1/4
description -ASR-as65002--
mtu 1546
ip address 10.10.10.1 255.255.255.252
speed nonegotiate
mpls bgp forwarding
mpls ip
end
interface Loopback0
ip address 10.100.100.1 255.255.255.255
end
interface Loopback2
ip vrf forwarding TEST
ip address 1.1.1.1 255.255.255.255
end
---------
show bgp vpnv4 unicast vrf TEST
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 911:911 (default for vrf TEST)
*> 1.1.1.1/32 0.0.0.0 0 32768 ?
*> 2.2.2.2/32 10.100.100.2 0 65002 ?
*> 3.3.3.3/32 10.100.100.2 0 65002 ?
ping vrf TEST 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping vrf TEST 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ASR9k - Cisco IOS XR Software, Version 4.2.0[Default]
router bgp 65002
nsr
bgp router-id 10.100.100.2
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
maximum-paths ibgp 8
!
address-family vpnv4 unicast
retain route-target all
neighbor 10.100.100.1
remote-as 65001
ebgp-multihop 5
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS-ALL in
route-policy PASS-ALL out
neighbor 10.100.100.3
remote-as 65001
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS-ALL in
route-policy PASS-ALL out
next-hop-self
route-policy PASS-ALL
pass
end-policy
vrf TEST
rd 911:911
address-family ipv4 unicast
redistribute connected
allocate-label all
!
!
!
vrf TEST
address-family ipv4 unicast
import route-target
911:911
!
export route-target
911:911
!
interface Loopback2
vrf TEST
ipv4 address 2.2.2.2 255.255.255.255
interface Loopback0
ipv4 address 10.100.100.2 255.255.255.255
interface GigabitEthernet0/2/0/1
mtu 1546
ipv4 address 10.10.10.2 255.255.255.252
interface TenGigE0/1/0/7
mtu 1546
ipv4 address 10.10.10.5 255.255.255.252
----
mpls ldp
nsr
log
neighbor
!
interface GigabitEthernet0/2/0/1
!
interface TenGigE0/1/0/7
-----
show bgp vpnv4 unicast vrf TEST
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 911:911 (default for vrf TEST)
*> 1.1.1.1/32 10.100.100.1 0 0 65001 ?
*> 2.2.2.2/32 0.0.0.0 0 32768 ?
*>i3.3.3.3/32 10.100.100.3 0 100 0 ?
C7200 - IOS (tm) 7200 Software (C7200-JK9O3S-M), Version 12.3(15b), RELEASE SOFTWARE (fc1)
ip cef
mpls label protocol ldp
----
router bgp 65002
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 65002
neighbor 2.2.2.2 update-source LoopBack0
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
exit-address-family
!
address-family ipv4 vrf TEST
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
------
ip vrf TEST
rd 911:911
route-target export 911:911
route-target import 911:911
-------
!
interface GigabitEthernet0/3
description -ASR-as65002--
mtu 1546
ip address 10.10.10.6 255.255.255.252
duplex auto
speed auto
media-type gbic
no negotiation auto
tag-switching ip
interface Loopback0
ip address 10.100.100.3 255.255.255.255
end
interface Loopback2
ip vrf forwarding TEST
ip address 3.3.3.3 255.255.255.255
end
-------
show ip bgp vpnv4 vrf TEST
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 911:911 (default for vrf TEST)
*> 3.3.3.3/32 0.0.0.0 0 32768 ?
*>i2.2.2.2/32 10.100.100.2 0 ?
*>i1.1.1.1/32 10.100.100.2 0 65001 ?
ping vrf TEST 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
ping vrf TEST 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
As you can see, C7600 and C7200 don't ping each other in spite of the valid routes in bgp table. ASR pings both C7200 and C7600. We tried to replace C7600 with another C7200 and the scheme has worked. I suspect that the trouble is in C7600, but what could it be?
02-05-2013 10:19 AM
Looks like there is Inter-AS VPN between 7600 and ASR-9k while 7200 is acting as PE within ASR9k's domain, which Inter-AS option (A,B,C) are you trying to achieve here ?
- use debug ip icmp on 7600/7200 to narrow down direciton of drop
- use show ip cef/show ip route, show mpls forw, sh mpls ldp.. show ip bgp is too high
- provide IGP configs
- mark interfaces in topology provided
Most likely you have problems on MPLS layer.
02-06-2013 05:17 AM
Fixed interfaces on topology screenshot.
I'm trying to achieve Inter-AS option B with eBGP for VPNv4 provided.
On ASBRs I use /32 static routes for eBGP peers and OSPF in AS65002 domain.
C7600:
ip route 10.100.100.2 255.255.255.255 10.10.10.2
ASR:
router static
address-family ipv4 unicast
10.100.100.1/32 GigabitEthernet0/2/0/1
router ospf 1
area 0
interface TenGigE0/1/0/7
interface Loopback0
C7200:
router ospf 1
network 10.10.10.4 0.0.0.3 area 0
network 10.100.100.3 0.0.0.0 area 0
icmp debug on 7600/7200 detected the absence of ICMP replies (only requests) on both devices when I was pinging each other.
What else could you recommend?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide